Phishing Tool Uses Smart Redirects to Bypass Detection

Summary

Researchers at KnowBe4 have observed a new phishing tool, called Quantum Route Redirect, that simplifies the creation and delivery of large-scale credential‑stealing campaigns targeting Microsoft 365 users. The tool automates campaign setup, traffic rerouting and victim tracking, and uses an intelligent redirect system that can distinguish security scanners from human users to evade URL‑based defences such as Exchange Online Protection, secure email gateways (SEGs) and some time‑of‑click checks. Around 1,000 domains have hosted the tool, and campaigns using it have impacted victims in 90 countries, with the majority in the United States.

Key Points

  1. Quantum Route Redirect packages complex phishing flows into one‑click campaigns, lowering the skill needed to run advanced phishing attacks.
  2. Campaigns use hosted or compromised domains with URL patterns like “/([\w\d-]+\.){2}[\w]{,3}\/quantum.php/” that funnel victims to credential‑harvesting pages.
  3. The tool’s redirect logic sends security scanners to benign sites while delivering phishing pages to human users, bypassing URL scanning and even some web application firewalls.
  4. Observed reach spans 90 countries; ~76% of victims were in the US, showing broad international impact.
  5. Defensive recommendations include stronger NLP‑based email analysis, URL filtering in both email and WAF products, and sandboxing or managed inspection services.
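
The URL pattern in point 2 can be applied to mail or proxy URL logs. The Python below is an added example, not code from KnowBe4 or the source article; the log format, the host names and the "path-only" tier are constructed assumptions, and the published pattern is split into a host check and a path check so each is tested against the right part of the URL.

```python
import re
from urllib.parse import urlsplit, unquote

# Host part of the published pattern. `{,3}` is written `{0,3}`: same meaning
# in Python, but some regex engines read `{,3}` as literal text.
HOST_SHAPE = re.compile(r"([\w\d-]+\.){2}[\w]{0,3}$")
SCRIPT = "quantum.php"  # script name from the published pattern

def classify(url):
    """Return (host, 'pattern' | 'path-only') for a suspect URL, else None."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    host = (parts.hostname or "").lower()
    # Decode %xx escapes and fold case before comparing path segments.
    segments = unquote(parts.path).lower().split("/")
    if not host or SCRIPT not in segments:
        return None
    # Published shape: two dotted labels, TLD of <= 3 chars, script at web root.
    if HOST_SHAPE.search(host) and segments[1] == SCRIPT:
        return host, "pattern"
    # Assumption (not from the page): same script on a host/path the pattern misses.
    return host, "path-only"

def scan(log_lines):
    """Map each flagged host to its strongest classification."""
    hits = {}
    for line in log_lines:
        m = re.search(r"\burl=(\S+)", line)
        hit = classify(m.group(1)) if m else None
        if hit and hits.get(hit[0]) != "pattern":
            hits[hit[0]] = hit[1]
    return hits

# Constructed sample log lines (hypothetical format, reserved domains).
SAMPLE_LOG = [
    "2025-01-10T09:14:03Z url=https://docs.signing-portal.example.com/quantum.php?id=1",
    "2025-01-10T09:15:40Z url=http://voicemail.example.org/Quantum.PHP",
    "2025-01-10T09:16:12Z url=https://files.example.net/%71uantum.php",
    "2025-01-10T09:17:55Z url=https://pay.notice.invalid/quantum.php",
    "2025-01-10T09:18:20Z url=https://example.com/quantum.php",
    "2025-01-10T09:19:02Z url=https://www.example.com/blog/quantum.php.html",
]

if __name__ == "__main__":
    for host, tier in scan(SAMPLE_LOG).items():
        print(f"{tier:9} {host}")
```

Read literally, the published pattern only matches hosts with at least three labels and a top-level domain of at most three characters, so the path-only tier is what surfaces bare domains and longer TLDs for manual review.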

Content summary

Quantum Route Redirect streamlines phishing campaign creation with preconfigured templates and automated redirects that identify whether a visitor is a security tool or a person. That lets attackers serve harmless pages to scanners while delivering malicious credential‑capture pages to real users. The campaigns observed imitate common themes (DocuSign, payroll, payment notices, voicemail, QR quishing) to increase click rates, and they are typically hosted on parked or compromised domains. KnowBe4 advises combining contextual NLP analysis, domain and URL checks, impersonation detection, URL filtering in email and WAFs, and sandboxing to mitigate this threat.

Context and relevance

This development is important because it lowers the technical barrier for launching sophisticated phishing operations, effectively widening the pool of potential attackers. As email security moves beyond simple signature and static URL checks to time‑of‑click and behavioural analysis, attackers are adapting with techniques that target those exact defences. Organisations relying solely on basic SEG or legacy URL scanning are at greater risk; layered, context‑aware defences and active inspection are now more critical.

Why should I read this?

Short and blunt: if you care about keeping user credentials and inboxes safe, this matters. Quantum Route Redirect makes advanced phishing laughably simple for less skilled crooks and dodges common defences — so it’s worth a quick read to check whether your email and web defences are still fit for purpose.

Author style

Punchy — the piece flags a notable escalation in attacker tooling that merits immediate attention from defenders and security teams.

Source

Source: https://www.darkreading.com/endpoint-security/phishing-tool-smart-redirects-bypass-email-security